Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
Re: Remote-desktop Digest, Vol 3, Issue 247
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote-desktop Digest, Vol 3, Issue 247




On Nov 18, 2006, at 3:04 PM, email@hidden wrote:

Send Remote-desktop mailing list submissions to

To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to

You can reach the person managing the list at

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Remote-desktop digest..."


Today's Topics:

   1. Status is just showing VNC (Arnold Nefkens)
   2. secunia reports ARD 3.1 security issue (chris thacker)
   3. Re: secunia reports ARD 3.1 security issue (John C. Welch)
   4. Re: Status is just showing VNC (Dan Shoop)
   5. Re: Status is just showing VNC (Hanx)
   6. Re: Status is just showing VNC (Arnold Nefkens)


----------------------------------------------------------------------

Message: 1
Date: Fri, 17 Nov 2006 22:24:36 +0100
From: Arnold Nefkens <email@hidden>
Subject: Status is just showing VNC
To: ARD List <email@hidden>
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset="us-ascii"

Hello List,

A client of mine has a Mac Mini located in a hosting centre, so it  
has a public IP. But I keep seeing the status of this MacMini as VNC  
On. And nothing more. I can just observe and control, but I'm unable  
to use ARD as I'm using it on my local LAN.

The Mac Mini is running Mac OS X 10.4.8, FW is enabled, and in the FW  
I created a separate rule set which allows the following ports: TCP:  
3283, 5900, 5988, UDP: 3283 and 5900 to be open, But to no avail. Is  
there someone who recognises this problem? And knows the solution? Or  
is it just not possible?

For your info:

The command ipfw list gives me the following result:

02000 allow ip from any to any via lo*
02010 deny ip from 127.0.0.0/8 to any in
02020 deny ip from any to 127.0.0.0/8 in
02030 deny ip from 224.0.0.0/3 to any in
02040 deny tcp from any to 224.0.0.0/3 in
02050 allow tcp from any to any out
02060 allow tcp from any to any established
02070 allow tcp from any to any dst-port 3283 in
02080 allow tcp from any to any dst-port 5900 in
02090 allow tcp from any to any dst-port 22 in
02100 allow tcp from any to any dst-port 3283 in
02110 allow tcp from any to any dst-port 5900 in
02120 allow tcp from any to any dst-port 5988 in
02130 allow tcp from any to any dst-port 80 in
02140 allow tcp from any to any dst-port 427 in
02150 allow tcp from any to any dst-port 443 in
12190 deny log tcp from any to any
65535 allow ip from any to any

---

Arnold Nefkens

Nefkens Advies


Apple Certified Technical Coordinator
Apple Certified System Administrator



-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 2
Date: Fri, 17 Nov 2006 14:18:25 -0800
From: chris thacker <email@hidden>
Subject: secunia reports ARD 3.1 security issue
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset="us-ascii"


anything we need to be concerned about or do?


____________
Chris Thacker
Campus Life Services - Information Systems
University of California at San Francisco
[help desk]   415 502-5511
[direct line]  415 514-3373

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 3
Date: Fri, 17 Nov 2006 16:44:39 -0600
From: "John C. Welch" <email@hidden>
Subject: Re: secunia reports ARD 3.1 security issue
To: ARD List <email@hidden>
Message-ID: <C1839777.39362%email@hidden>
Content-Type: text/plain; charset="US-ASCII"

On 11/17/06 16:18, "chris thacker" <email@hidden> wrote:


anything we need to be concerned about or do?


If you read the advisory, this is the problem that 3.1 fixes, hence the
solution being "upgrade to 3.1"

-- 
John C. Welch         Writer/Analyst
Bynkii.com              Mac and other opinions




------------------------------

Message: 4
Date: Fri, 17 Nov 2006 21:54:15 -0500
From: Dan Shoop <email@hidden>
Subject: Re: Status is just showing VNC
To: Arnold Nefkens <email@hidden>, ARD List
Content-Type: text/plain; charset=us-ascii; format=flowed

At 10:24 PM +0100 11/17/06, Arnold Nefkens wrote:
Hello List,

A client of mine has a Mac Mini located in a hosting centre, so it 
has a public IP. But I keep seeing the status of this MacMini as VNC 
On. And nothing more.

The reverse ports are blocked or the packets aren't being routed 
through stateful firewalls or NAT coming from the client Mac to your 
admin machine.

 I can just observe and control, but I'm unable to use ARD as I'm 
using it on my local LAN.

Use a VPN.

-- 

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                      http://www.ustsvs.com/
email@hidden                                http://www.iwiring.net/
1-714-363-1174

"The wise man doesn't give the right answers, he poses the right
questions." -- Claude Levi-Strauss

------------------------------------------------------------------------

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.


------------------------------

Message: 5
Date: Sat, 18 Nov 2006 12:08:16 +0800
From: Hanx <email@hidden>
Subject: Re: Status is just showing VNC
To: Arnold Nefkens <email@hidden>
Cc: ARD List <email@hidden>
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset="us-ascii"

Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2456 bytes
Desc: not available

------------------------------

Message: 6
Date: Sat, 18 Nov 2006 11:07:17 +0100
From: Arnold Nefkens <email@hidden>
Subject: Re: Status is just showing VNC
To: Hanx <email@hidden>
Cc: ARD List <email@hidden>
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset="us-ascii"

Solved.


Thanks,  that did the trick...


---

Arnold Nefkens

Nefkens Advies


Apple Certified Technical Coordinator
Apple Certified System Administrator



On 18-nov-2006, at 5:08, Hanx wrote:

On 18 Nov 2006, at 05:24, Arnold Nefkens wrote:

A client of mine has a Mac Mini located in a hosting centre, so it  
has a public IP. But I keep seeing the status of this MacMini as  
VNC On. And nothing more. I can just observe and control, but I'm  
unable to use ARD as I'm using it on my local LAN.

The Mac Mini is running Mac OS X 10.4.8, FW is enabled, and in the  
FW I created a separate rule set which allows the following ports:  
TCP: 3283, 5900, 5988, UDP: 3283 and 5900 to be open, But to no  
avail. Is there someone who recognises this problem? And knows the  
solution? Or is it just not possible?

You may want to check with the hosting centre and request them to  
open the ARD ports to the Mac mini's public IP.

I had a similar case with a new Xserve at a hosting centre and  
everything is fine once I got them to let ARD through.
-- 
Regards,
../Hanx


-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

_______________________________________________
Remote-desktop mailing list

End of Remote-desktop Digest, Vol 3, Issue 247
**********************************************


Jane Spence Steff

Elementary Instructional Technology Specialist

State College Area School District

State College, PA 16801

email@hidden



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Remote-desktop mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2011 Apple Inc. All rights reserved.